using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace RoleBasedSecurityExample
{
	/// <summary>
	/// Summary description for login.
	/// </summary>
	public partial class login : System.Web.UI.Page
	{
	
		protected void Page_Load(object sender, System.EventArgs e)
		{
			// Put user code to initialize the page here
		}

		#region Web Form Designer generated code
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{    

		}
		#endregion

		protected void btnLogin_Click(object sender, System.EventArgs e)
		{
			FormsAuthentication.Initialize();
			// connect to database to query user information (userid, username, password, roles...)

			// i do not emplement here
			// to simple i use manual code to demonstrator...
			// I assume that
			// - if userid=admin and password=admin then have role is Administrator
			// - if userid=manager and password=manager then have role is Manager
			// - if userid=guest and password=guest then have role is Guest
			string roles = "";
			bool loginValid = false;
			if (txtUserID.Text.Equals("admin"))
			{
				if (txtPassword.Text.Equals("admin"))
				{
					roles = "Administrator";
					loginValid = true;
				}
				else
					lblError.Text = "Invalid password";
			}
			else if (txtUserID.Text.Equals("manager"))
			{
				if (txtPassword.Text.Equals("manager"))
				{
					roles = "Manager";
					loginValid = true;
				}
				else
					lblError.Text = "Invalid password";
			}
			else if (txtUserID.Text.Equals("guest"))
			{
				if (txtPassword.Text.Equals("guest"))
				{
					roles = "Guest";
					loginValid = true;
				}
				else
					lblError.Text = "Invalid password";
			}
			else
				lblError.Text = "Invalid user id";
			
			// login success
			if (loginValid)
			{
				// Create a new ticket used for authentication
				FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
					1, // Ticket version
					txtUserID.Text, // Username associated with ticket
					DateTime.Now, // Date/time issued
					DateTime.Now.AddMinutes(30), // Date/time to expire
					true, // "true" for a persistent user cookie
					roles, // User-data, in this case the roles
					FormsAuthentication.FormsCookiePath);// Path cookie valid for

				// Encrypt the ticket.
				string encTicket = FormsAuthentication.Encrypt(ticket);

				// Create the cookie.
				Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

				// Redirect back to original URL.
				// Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserID.Text,true));
				// default.aspx
				if(FormsAuthentication.GetRedirectUrl(txtUserID.Text,true).EndsWith("default.aspx"))
					HttpContext.Current.Response.Redirect("WebForm1.aspx", true);
				else
					Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserID.Text,true));
				
			}

		}
	}
}
